diff --git a/flake.lock b/flake.lock index 8f9b1e9..854b103 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1758835276, - "narHash": "sha256-RlfV0236hc1olvLMUDmd6uBOYGqr+77pF+UjGzELPA8=", + "lastModified": 1759394888, + "narHash": "sha256-FwmvYoAcBtsKW4dGVeD+/zHKov3cIYfyWO1Fwqv3HwQ=", "ref": "refs/heads/main", - "rev": "38102377bbb3ecc2de852446ad03a6e4e98aba0b", - "revCount": 7, + "rev": "e5ceedd0e56ae0272875765da13dccabf8747764", + "revCount": 10, "type": "git", "url": "file:///home/beastie/nixos/secrets" }, diff --git a/hosts/home-nix/default.nix b/hosts/home-nix/default.nix index c77ec28..a972ac2 100644 --- a/hosts/home-nix/default.nix +++ b/hosts/home-nix/default.nix @@ -11,10 +11,9 @@ imports = builtins.trace "${inputs.mysecrets}" [ (modulesPath + "/installer/scan/not-detected.nix") - ./network.nix ./disk-config.nix ./hardware-configuration.nix ../../modules/core ../../modules/optionnals/hosts/${hostname}.nix ]; -} +} \ No newline at end of file diff --git a/hosts/home-nix/network.nix b/hosts/home-nix/network.nix deleted file mode 100644 index 2c0b628..0000000 --- a/hosts/home-nix/network.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - hostname, - ... -}: -{ - networking = { - hostName = "${hostname}"; - interfaces.enp5s0 = { - ipv4.addresses = [ - { - address = "192.168.0.2"; - prefixLength = 24; - } - ]; - }; - defaultGateway = { - address = "192.168.0.254"; - interface = "enp5s0"; - }; - nameservers = [ - "9.9.9.9" - "2001:41d0:303:20da::1" - "217.182.138.218" - ]; - networkmanager.enable = true; - - firewall.enable = true; - }; -} diff --git a/hosts/test-kvm/network.nix b/hosts/test-kvm/network.nix deleted file mode 100644 index e5159ad..0000000 --- a/hosts/test-kvm/network.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - hostname, - ... -}: -{ - networking = { - hostName = "${hostname}"; - interfaces.enp1s0 = { - ipv4.addresses = [ - { - address = "192.168.122.100"; - prefixLength = 24; - } - ]; - }; - defaultGateway = { - address = "192.168.122.1"; - interface = "enp1s0"; - }; - nameservers = [ - "9.9.9.9" - "2001:41d0:303:20da::1" - "217.182.138.218" - ]; - networkmanager.enable = true; - - firewall.enable = true; - }; -} diff --git a/hosts/work-nix/default.nix b/hosts/work-nix/default.nix index 27ed029..d89d9a1 100644 --- a/hosts/work-nix/default.nix +++ b/hosts/work-nix/default.nix @@ -7,9 +7,10 @@ ... }: { + system.stateVersion = "25.11"; + imports = builtins.trace "${inputs.mysecrets}" [ (modulesPath + "/installer/scan/not-detected.nix") - ./network.nix ./hardware-configuration.nix ../../modules/core ../../modules/optionnals/hosts/${hostname}.nix diff --git a/hosts/work-nix/network.nix b/hosts/work-nix/network.nix deleted file mode 100644 index c1fc802..0000000 --- a/hosts/work-nix/network.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - hostname, - ... -}: -{ - networking = { - hostName = "${hostname}"; - networkmanager.enable = true; - firewall.enable = true; - }; -} diff --git a/modules/core/system.nix b/modules/core/system.nix index e69de29..9c44dfb 100644 --- a/modules/core/system.nix +++ b/modules/core/system.nix @@ -0,0 +1,34 @@ +{ + pkgs, + username, + hostname, + modulesPath, + inputs, + ... +}: +{ + boot.kernelPackages = pkgs.linuxPackages_latest; + + time.timeZone = "Europe/Paris"; + + nix = { + settings = { + ## Enable flakes + experimental-features = [ + "nix-command" + "flakes" + ]; + ## Users trusted to use flake command + trusted-users = [ + "root" + "${username}" + ]; + }; + }; + + networking = { + hostName = "${hostname}"; + networkmanager.enable = true; + firewall.enable = true; + }; +} \ No newline at end of file 
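Review bot: `trusted-users` in modules/core/system.nix now lists `${username}` next to `root`, and a trusted user can add substituters and import unsigned store paths, which is effectively root-equivalent; running flake commands only needs `experimental-features` (and `allowed-users`), and `nixos-rebuild switch` already goes through sudo, so drop the entry unless something like remote building genuinely needs it. Nothing in the shown files uses it, so I would write `trusted-users = [ "root" ];` and add a comment naming the reason if it has to stay. Separately, `modulesPath` and `inputs` are bound in the argument set but unused, `hostName = "${hostname}";` can be `hostName = hostname;`, and the file lacks a trailing newline. With hosts/test-kvm/network.nix deleted in this commit and no hosts/test-kvm/default.nix hunk in the diff, that host presumably either still imports the removed file or silently loses its static 192.168.122.100 address and falls back to this block alone; worth confirming that is intended.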
diff --git a/modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf b/modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf index e69de29..d2be45c 100644 --- a/modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf +++ b/modules/optionnals/desktop/config/etc/xdg/hypr/hyprpaper.conf @@ -0,0 +1,2 @@ +preload = ~/Downloads/wallpaper.jpeg +wallpaper = , ~/Downloads/wallpaper.jpeg \ No newline at end of file diff --git a/modules/optionnals/desktop/kitty.nix b/modules/optionnals/desktop/kitty.nix index 91040c6..a0faffc 100644 --- a/modules/optionnals/desktop/kitty.nix +++ b/modules/optionnals/desktop/kitty.nix @@ -21,7 +21,7 @@ starship.enable = true; bash = { promptInit = '' - [[ "$TERM" == "xterm-kitty" ]] && export TERM="xterm" + [[ "$TERM" == "xterm-kitty" ]] && export TERM="xterm-256color" [[ -f ${pkgs.nitch}/bin/nitch ]] && nitch diff --git a/modules/optionnals/hosts/home-nix.nix b/modules/optionnals/hosts/home-nix.nix index 5c0432d..51ed05f 100644 --- a/modules/optionnals/hosts/home-nix.nix +++ b/modules/optionnals/hosts/home-nix.nix @@ -1,13 +1,15 @@ { + pkgs, ... }: { imports = [ - ../sops-desktop.nix - ../sudo-nopasswd.nix ../autologin.nix + ../openfortivpn.nix + ../sops-desktop.nix ../ssh.nix - + ../sudo-nopasswd.nix + ### Import GUI modules ../desktop/dunst.nix ../desktop/kitty.nix 
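Review bot: The system-wide `/etc/xdg/hypr/hyprpaper.conf` points `preload` and `wallpaper` at `~/Downloads/wallpaper.jpeg`, a per-user, unmanaged download location that may not exist for every user and changes under the module's feet; the image is better shipped next to the config (for example `<module-config-dir>/wallpaper.jpeg`, placeholder) or a path set from `username`. The file also lacks a trailing newline.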
@@ -21,4 +23,36 @@ ### Import Graphics modules ../desktop/nvidia.nix ]; + + networking = { + interfaces.enp5s0 = { + ipv4.addresses = [ + { + address = "192.168.0.2"; + prefixLength = 24; + } + ]; + }; + defaultGateway = { + address = "192.168.0.254"; + interface = "enp5s0"; + }; + nameservers = [ + #"9.9.9.9" + "2001:41d0:303:20da::1" + "217.182.138.218" + ]; + extraHosts = '' + 172.18.21.172 errorpages.grandbesancon.fr + #172.18.23.4 dozzle.grandbesancon.fr + #172.18.22.206 toto.grandbesancon.fr + #172.18.229.3 sso.grandbesancon.fr + #172.18.20.37 sso.grandbesancon.fr + #172.18.20.229 auth.grandbesancon.fr + #172.18.20.181 traefikauth.grandbesancon.fr + ''; + }; + environment.systemPackages = [ + pkgs.tor-browser + ]; } diff --git a/modules/optionnals/openfortivpn.nix b/modules/optionnals/openfortivpn.nix new file mode 100644 index 0000000..2b2282c --- /dev/null +++ b/modules/optionnals/openfortivpn.nix 
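Review bot: The `networking.nameservers` list in modules/optionnals/hosts/home-nix.nix comments out `9.9.9.9` with no note, while the openfortivpn-delroute script added in modules/optionnals/openfortivpn.nix in this same commit rewrites resolv.conf with `10.0.0.1`, the two OVH resolvers and `9.9.9.9`, so the resolver set after a VPN disconnect no longer matches what this host declares; pick one source of truth and either delete the commented entry or explain it with `# 9.9.9.9 disabled: <reason>`. The `extraHosts` block carries one live entry and six commented-out internal hostnames with private addresses; the dead entries should go (git keeps the history), and since the VPN host/port already live in sops, the remaining internal name-to-address mappings could be a sops template too instead of being committed in clear in a host module. The enclosing attribute set of this module starts in the previous hunk.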
@@ -0,0 +1,100 @@ +{ + config, + pkgs, + ... +}: +let + openfortivpn-addroute = pkgs.writeShellScript "openfortivpn-addroute.sh" '' + + sleep 2 + ${pkgs.iproute2}/bin/ip route add 172.16.0.0/12 dev ppp0 + ${pkgs.iproute2}/bin/ip route del default + ${pkgs.iproute2}/bin/ip route add default via 192.168.0.254 + ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf + search ville.besancon + nameserver 172.18.96.1 + nameserver 172.18.96.2 + EOF + ''; + openfortivpn-delroute = pkgs.writeShellScript "openfortivpn-delroute.sh" '' + + sleep 2 + ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf + nameserver 10.0.0.1 + nameserver 2001:41d0:303:20da::1 + nameserver 217.182.138.218 + nameserver 9.9.9.9 + EOF + ''; + + myMount = description: what: where: { + inherit description what where; + type = "cifs"; + options = "credentials=/etc/openfortivpn/smb-secrets,uid=beastie,gid=users"; + }; + myAutoMount = description: where: { + inherit description where; + requires = [ "network-online.target" ]; + after = [ "network-online.service" ]; + wantedBy = [ "multi-user.target" ]; + automountConfig = { + TimeoutIdleSec = 30; + }; + }; +in +{ + sops = { + secrets = { + "ldap_GBM/username" = { }; + "ldap_GBM/password" = { }; + "openfortivpn/host" = { }; + "openfortivpn/port" = { }; + }; + templates."openfortivpn.conf" = { + content = '' + host = ${config.sops.placeholder."openfortivpn/host"} + port = ${config.sops.placeholder."openfortivpn/port"} + username = ${config.sops.placeholder."ldap_GBM/username"} + password = ${config.sops.placeholder."ldap_GBM/password"} + ''; + mode = "0600"; + owner = "root"; + }; + }; + environment.systemPackages = [ + pkgs.openfortivpn + pkgs.cifs-utils + ]; + systemd.services."openfortivpn" = { + enable = true; + #wantedBy = lib.mkForce [ ]; + unitConfig = { + Description = "OpenFortiVPN"; + After = "network-online.target"; + Wants = "network-online.target systemd-networkd-wait-online.service"; + Documentation = [ + "man:openfortivpn(1) 
https://github.com/adrienverge/openfortivpn#readme https://github.com/adrienverge/openfortivpn/wiki" + ]; + }; + serviceConfig = { + Type = "notify"; + PrivateTmp = "true"; + ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn --no-dns -c ${config.sops.templates."openfortivpn.conf".path}"; + ExecStartPost = "${openfortivpn-addroute}"; + ExecStopPost = "${openfortivpn-delroute}"; + Restart = "on-failure"; + #OOMScoreAdjust = "-100"; + }; + }; + + systemd.mounts = [ + (myMount "GBM Perso" "//vf-mc2-sfic06.ville.besancon/usr_s$/SALVIJER/Mes Documents" + "/gbmshares/perso" + ) + (myMount "GBM Services" "//vf-mc2-sfic06.ville.besancon/08TIC" "/gbmshares/services") + ]; + systemd.automounts = [ + (myAutoMount "GBM Perso automount" "/gbmshares/perso") + (myAutoMount "GBM Services automount" "/gbmshares/services") + ]; +} \ No newline at end of file
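Review bot: `after = [ "network-online.service" ];` in `myAutoMount` names a unit that does not exist (the ordering unit is `network-online.target`, which the `requires` line just above already uses), so the automounts are not actually ordered after the network comes up; change it to `after = [ "network-online.target" ];`, and since these CIFS paths are only reachable through the VPN, consider `after = [ "openfortivpn.service" ];` as well. The two route scripts hard-code `ppp0`, the gateway `192.168.0.254` and two resolver lists, and `cat << EOF > /etc/resolv.conf` overwrites a file NixOS manages (NetworkManager is enabled in modules/core/system.nix), so the restored list drifts from `networking.nameservers`; deriving it from `config.networking.nameservers` keeps one source of truth, and the leading `sleep 2` suggests ppp0 is not yet up when `ExecStartPost` runs, which would be worth replacing with an explicit wait on the interface. `credentials=/etc/openfortivpn/smb-secrets` and `uid=beastie` are hard-coded while the VPN credentials are sops-managed and other modules take `username`; the credentials file is not declared anywhere in this module, so its existence and `0600` mode are unchecked. `#wantedBy = lib.mkForce [ ];` also refers to `lib`, which is not in the module's argument set, so it cannot simply be uncommented.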